Tag Archives | digital india

Beware the security risks before you jump onto digital payments bandwagon

Deficit in cash flow has forced users into digital payments. Without proper precautions and security policies, the highly reactive nature of cyber security leaves us vulnerable to cyber-attacks.

chaiwalla-paytmImage source: DNA India

The whole demonetization of currencies has shaken our country to its core. In the past week, we saw how it affected people at all levels and how they were coping with it, hoping for the better in the near future. While the challenges still persist, it has nudged people towards digital transactions even for their daily needs using virtual wallets, PayTM and others. Companies that enabled digital payments acted as buffers soaking up some of the pressure. In fact, there was a surge in digital payments hitting records high over the past week; PayTM saw a 200% increase in its mobile application downloads and a 250% increase in overall transactions. MobiKwik saw an increase of 200% in its application downloads within few days. Other companies within this domain such as, Oxigen and PayU have also seen a rise in their service usage.

Resultant trend maybe vulnerable to security threats

This new trend is certainly heading in the right direction towards digitization, however there is risk of casting a blind eye towards the security aspect in the whole process of adapting to this digitized lifestyle. The Nordea Bank Fraud incident that occurred in 2007 is a classic example of e-banking cyber-attack, where perpetrators infected unsuspecting customers’ systems with a malware that stole login credentials, and made off with over 1.1 million US dollars. Not even major financial corporations like VISA, PayPal, and MasterCard are invincible from cyber-attacks.

The security standards and precautions have certainly evolved since these high profile attacks. But the speed of technological developments and its integration into our economy far supersedes that of the defense mechanisms and protocols in place to mitigate any cyber-attack on these developments. It goes to show that they are unparalleled and reactive in nature which ultimately begs the question: Is it safe to utilize these new payment platforms?

PayTM for instance is certified under the Payment Card Industry Data Security Standard (PCI DSS) 2.0 certification, which is the current industry security standard set by American Express, Visa International, MasterCard Worldwide and few other international dealers. This is an essential certification for companies that store credit-card info. PayTM also uses 128-bit encryption technology to crypt any information transfer between two systems. It takes more than 100 trillion years for a hacker to crack a password under 128-bit encryption. Needless to say, transactions via PayTM are fairly secure. Other companies like MobikWix also employ the 128-bit encryption technology. This is a common security measure that companies dealing with credit card information and transactions deploy, hence there is little doubt that companies taking advantage of demonetization are employing their share of precautions for secure transactions.

Is that secure enough?

But, these precautions won’t make us invulnerable. There are other things aside from the login credentials that hackers target these days. For example, just few days back, hackers breached a British mobile company, Three Mobile’s database and stole private information on six million users. Another example is the recent massive data breach of Indian bank networks that compromised over three million users’ financial data. The breach occurred between May 25 and June 10, victimizing major banking companies, including HDFC Bank, ICICI Bank, YES Bank, and Axis Bank. This stolen data can be sold underground, used for identity theft, or strengthen brute force attacks for further personal attacks.

These breaches may appear sophisticated, but there are other easier methods that anyone with basic IT skills can deploy. For Instance, here is an article by a hacker displaying the html code on how to fake the PayTM website. Using a spoofed site, a hacker can use phishing tactic to gain login credentials from unsuspecting users. Other tactics include fake mobile applications or spyware that steal information, social engineering tactics that make you reveal your login credentials, etc. This is nothing new however; spoofing, phishing, and spyware have plagued the IT security industry for more than a decade, with their tactics getting increasingly sophisticated.

But, if companies like HDFC and ICICI, which are most likely proactive in updating their security systems, still experienced cyber-attacks, what does that imply about unsuspecting users? Most new users were forced onto the digital payments bandwagon due to the currency demonetisation. Especially street-vendors, who were primarily reliant on cash payments before the demonetization, such as the Chai-wallas and Pan-wallas that were quick to adapt so as to maintain their revenue. Are these new users aware of the security risks involved here? I highly doubt it. Even if they are aware of the risks, whose responsibility is it and what precautions can they take to minimize damage from future attacks?

Whose responsibility is it?

It is not a single entity’s responsibility. Everybody involved in the process, including companies offering the service, the customers, and the government should do their share to mitigate cyber-attacks and minimize its damages. The following is a three pronged approach for companies, customers and the government to mitigate security risks:

digital-payment-risk-management

Companies

All companies that offer platforms or services enabling digital payments should, first and foremost, increase awareness of the risks among their customer base and educate them on ways to secure themselves. Employ behavior analytics and pattern analysis at their fraud departments to predict suspicious behavior. Stay proactive in looking out for any spoofed applications or websites that masquerade their service. Proactively monitor discussion boards, social media platforms, and forums that discuss hacking and fraud tactics, and implement proactive measures to thwart their tactics.

Government

The Government should also do its share to protect its citizens by minimizing vulnerabilities. It should check if the current policies regulating this platform are adequate, and update it if necessary. Educate the populace on the risks involved. Enforce strict policies and hold companies accountable for not meeting security standards. Minimize benefits that come from overlooking security precautions. And, strengthen public-private partnership on live information sharing about cyber-attacks and fraud.

Customers

Customers should do their share to minimize damages. They should educate themselves about the risks involved, and take appropriate precautions. Minimize vulnerability with two-factor authentication and routine password changes. Check for applications’ authenticity by looking for the number of downloads and reviews by other users; the higher the number of downloads and reviews are, the higher the chances that the application is legitimate. In addition, check for other application releases from that developer. Check for website’s authenticity by checking for proper spelling of the web address, or if the website is secure by checking for a green padlock symbol on the left to the web address, and that the address starts with ‘https:’ Keep the web browsers updated as they can recognize illegitimate sites easily. Do not share sensitive information including login credentials over emails, phone calls, or chats. Lastly, trust your instincts and double check to make sure you don’t leave yourself vulnerable.

Puru Naidu (@Brocolli88) is a Research Analyst at the Takshashila Institution

Comments { 0 }

Commercial models for Public Wi-Fi

Can we have a proliferation of broadband access through public Wi-Fi networks? What are the issues and challenges?

blue-and-yellow-wifi-hotspot-sign

The Telecom Regulatory Authority of India held a public workshop in Bangalore on the 28th of September 2016. The objective of the workshop was to look at the possible commercial models for providing public Wi-Fi hotspots.

The first welcome step in this workshop was the emphasis on finding commercial models for providing public Wi-Fi and not on making Wi-Fi free for all. It is quite surprising that a vast majority of people expect public Wi-Fi systems to be provided for free of cost.

The present number of Wi-Fi hotspots in India is abysmally low compared to most other countries. There are 35,000 Wi-Fi hotspots in India compared to around 10 million in the US. The real challenge is to build a network of Wi-Fi hotspots through the country that can provide seamless internet access to millions of Indians.

The different network operators shouldn’t consider public Wi-Fi as being a competitive threat to their sale of data plans. Mobile data and public Wi-Fi has to work in tandem to provide seamless connectivity. However, there is an obvious benefit by increasing the reach of public Wi-Fi. The average cost of accessing the internet through the cellular network is around 23 paisa per minute as against 2 paise per minute on Wi-Fi.

Present Challenges for Public Wi-Fi hotspots:

There are numerous challenges for creating public Wi-Fi hotspots, which needs careful attention at this early stage:

  1. There are inherent hardware limitations: Where do you put the modems and routers and in what frequence? Do each of the ISPs get their own routers? These are not small or insignificant logistical problems.
  2. Who will be responsible for the service and maintainence of these routers? What about the electricity needed to run these stations?
  3. How do you ensure about quality of service and uninterrupted broadband access? How do we check and maintain records of those who are logging on the public Wi-Fi systems? Security concerns are definitely a non trivial concern for providing public Wi-Fi
  4. How can we ensure business viability for the ISPs who provide the internet access?
  5. How can we ensure interoperability between the different ISPs? Do we need to log in separately for each ISP that we choose in different areas?
  6. There’s also the problem of the availability of infrastructure needed to provide public Wi-Fi hotspots. Specifically, this sort of operation needs plenty of unlicensed spectrum for ISPs.
  7. Finally, how to ensure smooth and easy payment systems? If the payment procedure is arduous and time consuming, many people will be dissuaded right away.

Once the problems were identified, the rest of the workshop focused on attempting to find solutions for these, though it slightly fell short, according to my assessment. The broad ideas were in the right direction, but the specifics of the mechanism got lost in a beauty contest of the different solution providers.

Pipe vs. Platform model:

One of the interesting big ideas was the emphasis on switching from the current piped model to a more open platform model. In short, the pipe model would expect the entire vertical of setting up public Wi-Fis to be done by the ISPs. This would involve each ISP to get spectrum, provide the internet access, set up routers, authenticate consumers, accept payments, and so on. Instead, using an open-ended platform would allow for innovation in the different layers of the verticals. The payment can be taken care of an external app based on UPI/mobile wallets, etc. The authentication and KYC can be taken care of using Aadhar or any trusted authentication method (even mobile phone numbers can act as auntheticating tools). Local shop-keepers can take up the initiative for setting up routers and ensure its maintainence if they are compensated correctly for this.

More importantly the viability of a truly public Wi-Fi network would work only if individual users are allowed to resell broadband access. This is like the solar rooftop model, where individuals can set up solar power generators and sell it back to the grid. Imagine an open national grid, where each individual can sell/resell their broadband access. This would create a truly seamless public Wi-Fi system.

Anupam Manur is a Polcy Analyst at the Takshashila Institution and tweets at @anupammanur

Comments { 0 }

Reimagining public spaces with internet

By bringing people together, internet is changing how we perceive public spaces.

Public spaces in Indian cities have been synonymous to chaos and liveliness. The common places include seasides, parks, tourist spots or markets. These public space provide cheap entertainment location for the large population in the cities looking for a quality time, or so they have till now. Recently, these spaces have become grounds for purposeful interactions.

The Digital India campaign and government’s plan to provide free wi-fi in 2,500 cities and towns across countries is an indication that internet connectivity is becoming more of a necessity than luxury in the current century. As of September 5, 2015, there were 345 million internet users in India as per a report published by the Internet And Mobile Association of India. With such a large majority of people on internet, the connectivity between people from various backgrounds and locations has made large networks. These networks usually use public spaces for physical interactions. For instance, the last food walk you went to with a complete set of strangers would not have been this hassle free without internet.

The increasingly used internet has created networks that brings strangers together in a very short notice. This feature of the internet has been played in various capacities. The tweets have been a medium for gathering large crowds during incidents like demonstrations at Cairo’s Tahrir square and the Delhi protests after 2012 Delhi gang rape case. The same medium is also acting as a catalyst for various interest groups to explore their cities and its pleasures. This has helped in shifting the crowds from the middle of the city centres to the relatively unknown ends of the city.

One of the drastic impacts of internet connectivity has been on tourism. John Jung in his article[1] has explained how Cairo’s Tahrir square gained overnight fame after the 2011 incident. It has since become a common tourist spot. A similar impact has been seen by the Irish government, which has seen a sudden rise in the tourism after the fame of Game of Thrones, an American television series.

In the recent time, internet has become an integrated part of the a city dweller’s life. Be it booking a cab on Uber or finding a restaurant on Zomato, internet has become a common platform for all. However, it is interesting to see that its also playing a role in making public spaces relevant in innovative ways. The only question now is whether the impact will substantial enough to reduce the shortage of public spaces in India?

Devika Kher is a policy analyst at Takshashila Institution. Her twitter handle is @DevikaKher.

[1] John Jung, ‘Internet in the public realm’, My Liveable City, Jan-March 2016, pp. 100

Comments { 0 }

Random Observations from the BBMP elections

Urban local elections in India have historically witnessed a low voter turnout and the BBMP elections may not be an exception. Despite the ease of obtaining voting information from the internet, many people still prefer to wait for a long time to get it manually. 

A Takshashila Thinktanki votes in the BBMP elections.

A Takshashila Thinktanki votes in the BBMP elections.

Low Voter Turnout

On the day of the BBMP elections (22nd August 2015), the Shantiniketan School ground, BTM Layout, at 10:30 in the morning was surprisingly empty. Potential voters could walk right into their polling booths and cast their vote without waiting in a long queue as would normally be the case in the state or general elections. There was no queue outside any of the polling booths. Other voters shared similar experiences from different wards in Bangalore.

It would be interesting to note the voter turnout percentage this time. Despite various campaigns by the government, various political parties and many businesses, voting turn out is set to be low. Media reports that voter turnout was about 10% until noon – 7.3 lakh persons voted out of 7.38 lakh registered voters. It would not be very surprising if it were significantly less than 50 percent by the end of the day, going by the past trends. In 2010, BBMP elections witnessed less than 45 percent turnout. Within Bangalore, the affluent areas have traditionally witnessed much lower turnout. In 2010, many affluent areas saw voting turnout percentages between 25 and 30.

It is a similar story in all the big cities – voter turnout has been dismal for the elections that has the most direct influence on a citizen’s life. Mumbai corporation elections witnessed 46% turnout, the same numbers for Hyderabad GHMC elections, Chennai – 48%, Delhi – less than 40%, Ahmedabad – 44%. [Link].

Language Problem and Importance of Symbols – Whitefield, the contentious part of Bangalore, saw many people complaining that the EVMs contained the candidates names only in Kannada and that they were unable to read the list of candidates. Thus, many supposedly walked out of the polling booth without registering a vote. [Source] While symbols help in recognition of candidates from the main parties, independents tend to get short changed.

Voter’s Slip

It is quite common to see that there are numerous benches and desks occupied by different party workers outside the polling stations. These are usually mobbed by the potential voters to get their Ward no, serial number, polling booth, room number and their EPIC (Electors Photo Identity Card) number. One can go to these temporary stations with their name and a photo identity and the party workers will sift through many pages containing the entire ward’s electorate information and give the appropriate details. This is quite a labourious process and can potentially rob one’s enthusiasm to vote. The 2014 general elections for example in the same ward saw a waiting time of more than 20 minutes just to get this information and then wait in a separate queue to vote.

It is quite surprising that many people who have easy access to the internet still prefer to do this instead of going to the website and finding out the same details easily. The Election Commission has made this process extremely easy. Go to the relevant website (http://117.247.176.82/Searchbynames.aspx for the BBMP elections), key in name, father’s/husband’s name and the area name that you live in and all the details will be available.

Manifestos and Promises

Finally, it was slightly disturbing to read the manifestos and the general pitch of the candidates in my ward during this election. Many of the candidates do door to door campaigning and also leave behind a small booklet or a pamphlet. I have kept aside the manifestos of all the five candidates for BTM Layout and none of them really inspired me to cast my vote for them (most of them had grievous spelling and grammatical mistakes).

Some of the manifestos were too vague and general regarding their plans for the coming term – “I will work for the development of our ward”. Others centered around extremely specific work they have done and hope to do – “I have distributed x. number of sewing machines to the needy”. One candidate mentioned that he had solved many personal problems when I asked him about his achievements.

Unfortunately, the perceived purpose of the manifesto is not to inform the voter of any achievements or their grand vision and plans for the ward, but is meant to serve as a reminder of their photo and the election symbol.

Anupam Manur is a Policy Analyst at Takshashila Institution and tweets @anupammanur

Comments { 0 }

Job search for a digital India

By Devika Kher

It is IT that has the potential to connect each and every citizen of the country.

The Prime Minister in his Independence Day speech brought wider attention to the idea of having digital India work for the poor. His emphasis on using Information technology to drive development will be a boost for those ideas that seek to use an IT led approach to bridging the developmental divide. One area where this can be implemented effectively and efficiently is by changing how the job search works in rural areas.

The space for job search is dependent on three factors- skill (What one can do), location (Where it can be done) and revenue (How much will it earn?). With the advent of Internet, the answers for the three questions are available on online job portals. Websites like of Naukri.com and Times Job have created single platforms to enable employees meeting  employers. This has led to a multifold reduction in the time, energy and money spent in job hunting, or to use an economic jargon, has reduced the ‘search cost’ multifold.  But in order to enjoy these fruits of Internet technology, every individual requires an exposure to the advances of the IT. This is where the rural India is far behind the urban counterpart.

The foundation for providing digital exposure to the poor has already been laid by the Ministry of Communications and Information Technology (MCIT). The Department of Electronics and Information Technology under MCIT has created Common Service Centres (CSC) with one of the provisions being an IT terminal at village level. However, in order to change the space for job search in the rural ends of the country, we need more than just the infrastructure. We need a drastic change in the mindset. We need to create awareness as well as a will to change the perception of job search.

All of this is to be done with the ultimate goal of making job search as costless as possible.  The scope for the change is not only to reduce information asymmetry  regarding urban jobs but also about the jobs in rural districts. To begin with, the prime beneficiaries of this intervention would be the skilled and semi-skilled labour with adequate knowledge to access Internet. The benefits can then percolate as the skill enhancement initiatives by various NGOs and governmental organisations attains broader base.  The extensive use of online portals would help broaden the choice for both employer and employee and would help in smoothing the process of wage settlement.

This drastic change in “the way things are done” can be understood and implemented using Kurt Lewin’s three step process for change. Kurt Lewin, popularly known as the father of modern social psychology, made important contributions to study of organisational development with the change process being one of his most famous works. Lewin used the analogy of changing the shape of a block of ice to describe the change in the organisation structure. Appropriately enough, he called the three stages as- Unfreeze, Change and Freeze.

In case of changing the pattern for job search, the Unfreeze stage would essentially include breaking down of the status-quo, which in the given case is the cumbersome and corrupt process of application for jobs and the negative effects of a grapevine communication currently substituting for a formal setup. This can be brought about by creating awareness about the advantages of accessing mobile and Internet services in the process of job search within the rural ends of the country. A strong campaign can be made to promote the use of online portal and highlight the advantages of the use of a common platform for job seeking. The main focus in this stage would be to convince the population about the need to change which would pave way for a change in the outlook.

During the stage of Change, the political-socio-economic setup can be altered such that more people start opting to the new way of job hunting. This would require a dedicated effort by the government authorities such as Ministry of Human Resource Development, Ministry of Communication and Information Technology etc. to work towards creating platforms for promoting endeavors which would help reduce the fixed employment cost faced by the employers and search cost confronted by employees.

Along with the government authorities the private players in the market such as Naukri.com can expand their database to accommodate the information regarding the jobs in the rural ends as well. The rise in the number of users of the online portal would create network economies by expanding the scope of information available. Hence, time and communication would play a vital role in bringing about the much required change in the entire process of job search.

Finally, in the Freeze stage, as the modes adopted for job search would alter for good, the government and private players can spend their energy in creating a framework which could incorporate the changes in the most efficient manner. An important consideration in this stage would be to identify the barriers and support system of the altered process so as to sustain the change within the system. For instance, a significant area of concern would be creating a structure to ensure the robustness and the efficiency of various modes of technology used within the framework. A system would have to be made to keep a check and bring appropriate changes to the developed framework as and when required.

These three steps can be seen as the guiding principles for the new government in order to attain the dream of a digital India in at least the very basic hurdle of job search.

Devika Kher is a Research Associate at the Takshashila Institution.

Comments { 0 }